Category Archives: Windows

Update: Hidden Prefetch Files Detection using New PECmd

Posted on 26 May 2019 by [email protected]

Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading

Posted in AntiX, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Update: Hidden Prefetch Files Detection using New PECmd

Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Posted on 26 May 2019 by [email protected]

While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading

Posted in AntiX, Forensics, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

Posted on 24 May 2019 by [email protected]

One of my current students asked if using Stealth Alternate Data Streams (ADS), could bypass AVs? Therefore, I wanted to prove that for the student by doing a simple experiment. What was done is the following: 1. Turned off Windows … Continue reading

Posted in AntiX, Forensics, Malware, Metasploit, Windows | Tagged , , , , , , | Comments Off on Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

Forensic Analysis: Creating User GUI vs CLI

Posted on 7 January 2015 by [email protected]

Hello, This is my first forensic analysis post in English; as I’m sure you noticed by now that all of it is in Arabic; so excuse me for my bad English :) The whole idea came out when @azeemnow asked … Continue reading

Posted in Forensics, Windows | Tagged , , , , , | Comments Off on Forensic Analysis: Creating User GUI vs CLI

SMB Scanning بواسطة Metasploit

Posted on 1 August 2011 by [email protected]

حين تم تطوير Metasploit كان الهدف هو خلق بيئة متكاملة للمهاجم لتنفيذ هجومه على الهدف … من بين تلك الأهداف هي عمل Modules متخصصة في جزئيات معينة تسهل عليك الوصول الى الضحية … وكذلك حسب كتاب Metasploit الأخير، يقولون ليس … Continue reading

Posted in Footprinting, Linux Services, Metasploit, PenTest, Windows | Tagged , , , , | Comments Off on SMB Scanning بواسطة Metasploit